WordPress.org

Make WordPress Core

Changeset 42186


Ignore:
Timestamp:
11/15/17 02:32:06 (4 days ago)
Author:
westonruter
Message:

Widgets: Set global $post to current queried object instead of nullifying when is_singular() while applying filters (and shortcodes) in Text widget and (via plugin) Custom HTML widget.

Also prevent [gallery] shortcode from dumping out every attachment on the site when a containing Text widget is shown on an archive template.

Props westonruter, bobbingwide, joemcgill for testing.
See #10457.
Fixes #42548, #42547 for 4.9.

Location:
branches/4.9
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • branches/4.9

  • branches/4.9/src/wp-includes/widgets/class-wp-widget-custom-html.php

    r42164 r42186  
    8282 
    8383    /** 
     84     * Filter gallery shortcode attributes. 
     85     * 
     86     * Prevents all of a site's attachments from being shown in a gallery displayed on a 
     87     * non-singular template where a $post context is not available. 
     88     * 
     89     * @since 4.9.0 
     90     * 
     91     * @param array $attrs Attributes. 
     92     * @return array Attributes. 
     93     */ 
     94    public function _filter_gallery_shortcode_attrs( $attrs ) { 
     95        if ( ! is_singular() && empty( $attrs['id'] ) && empty( $attrs['include'] ) ) { 
     96            $attrs['id'] = -1; 
     97        } 
     98        return $attrs; 
     99    } 
     100 
     101    /** 
    84102     * Outputs the content for the current Custom HTML widget instance. 
    85103     * 
    86104     * @since 4.8.1 
    87105     * 
     106     * @global WP_Post $post 
    88107     * @param array $args     Display arguments including 'before_title', 'after_title', 
    89108     *                        'before_widget', and 'after_widget'. 
     
    91110     */ 
    92111    public function widget( $args, $instance ) { 
     112        global $post; 
     113 
     114        // Override global $post so filters (and shortcodes) apply in a consistent context. 
     115        $original_post = $post; 
     116        if ( is_singular() ) { 
     117            // Make sure post is always the queried object on singular queries (not from another sub-query that failed to clean up the global $post). 
     118            $post = get_queried_object(); 
     119        } else { 
     120            // Nullify the $post global during widget rendering to prevent shortcodes from running with the unexpected context on archive queries. 
     121            $post = null; 
     122        } 
     123 
     124        // Prevent dumping out all attachments from the media library. 
     125        add_filter( 'shortcode_atts_gallery', array( $this, '_filter_gallery_shortcode_attrs' ) ); 
    93126 
    94127        $instance = array_merge( $this->default_instance, $instance ); 
     
    118151         */ 
    119152        $content = apply_filters( 'widget_custom_html_content', $content, $instance, $this ); 
     153 
     154        // Restore post global. 
     155        $post = $original_post; 
     156        remove_filter( 'shortcode_atts_gallery', array( $this, '_filter_gallery_shortcode_attrs' ) ); 
    120157 
    121158        // Inject the Text widget's container class name alongside this widget's class name for theme styling compatibility. 
  • branches/4.9/src/wp-includes/widgets/class-wp-widget-text.php

    r42001 r42186  
    180180 
    181181    /** 
     182     * Filter gallery shortcode attributes. 
     183     * 
     184     * Prevents all of a site's attachments from being shown in a gallery displayed on a 
     185     * non-singular template where a $post context is not available. 
     186     * 
     187     * @since 4.9.0 
     188     * 
     189     * @param array $attrs Attributes. 
     190     * @return array Attributes. 
     191     */ 
     192    public function _filter_gallery_shortcode_attrs( $attrs ) { 
     193        if ( ! is_singular() && empty( $attrs['id'] ) && empty( $attrs['include'] ) ) { 
     194            $attrs['id'] = -1; 
     195        } 
     196        return $attrs; 
     197    } 
     198 
     199    /** 
    182200     * Outputs the content for the current Text widget instance. 
    183201     * 
     
    222240        } 
    223241 
    224         // Nullify the $post global during widget rendering to prevent shortcodes from running with the unexpected context. 
    225         $suspended_post = null; 
    226         if ( isset( $post ) ) { 
    227             $suspended_post = $post; 
     242        // Override global $post so filters (and shortcodes) apply in a consistent context. 
     243        $original_post = $post; 
     244        if ( is_singular() ) { 
     245            // Make sure post is always the queried object on singular queries (not from another sub-query that failed to clean up the global $post). 
     246            $post = get_queried_object(); 
     247        } else { 
     248            // Nullify the $post global during widget rendering to prevent shortcodes from running with the unexpected context on archive queries. 
    228249            $post = null; 
    229250        } 
     251 
     252        // Prevent dumping out all attachments from the media library. 
     253        add_filter( 'shortcode_atts_gallery', array( $this, '_filter_gallery_shortcode_attrs' ) ); 
    230254 
    231255        /** 
     
    279303 
    280304        // Restore post global. 
    281         if ( isset( $suspended_post ) ) { 
    282             $post = $suspended_post; 
    283         } 
     305        $post = $original_post; 
     306        remove_filter( 'shortcode_atts_gallery', array( $this, '_filter_gallery_shortcode_attrs' ) ); 
    284307 
    285308        // Undo suspension of legacy plugin-supplied shortcode handling. 
Note: See TracChangeset for help on using the changeset viewer.